192173 matches found
CVE-2026-33948
jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where CLI input parsing allows validation bypass via embedded NUL bytes. When reading JSON from files or stdin, jq uses strlen to determine buffer length instead of the actual byte...
CVE-2026-0512 Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog)
Due to a Cross-Site Scripting XSS vulnerability in the SAP Supplier Relationship Management SICF Handler in SRM Catalog, an unauthenticated attacker could craft a malicious URL, that if accessed by a victim, results in execution of malicious content within the victim's browser. This could allow t...
PT-2026-32756
Name of the Vulnerable Software and Affected Versions Microsoft Windows affected versions not specified Description A double free issue in the Windows Secure Kernel allows an authorized attacker to elevate privileges locally, enabling a low-privilege user to gain administrative access to the...
Important: amazon-efs-utils
Issue Overview: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used...
PraisonAI 安全漏洞
PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI 4.5.139 and earlier contained security vulnerabilities. These vulnerabilities stemmed from known credential exposure risks in GitHub Actions workflows, which could allow attackers to...
Microsoft Office Sharepoint Server 跨站脚本漏洞
Microsoft SharePoint Server is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A spoofing...
PT-2026-32718
CVE-2026-20928 Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security featur… https://t.co/pg5NOejQRf...
CVE-2026-33116
Loop with unreachable exit condition 'infinite loop' in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network...
PT-2026-33235
Name of the Vulnerable Software and Affected Versions @vendure/core versions prior to 2.3.4 @vendure/core versions 3.0.0 through 3.5.6 @vendure/core versions 3.6.0 through 3.6.1 Description An unauthenticated SQL injection exists in the Shop API and an authenticated SQL injection exists in the...
PT-2026-32747
Name of the Vulnerable Software and Affected Versions Microsoft PowerShell affected versions not specified Description Improper input validation allows an authorized attacker to elevate privileges locally on the system. Recommendations At the moment, there is no information about a newer version...
PT-2026-32831
🪟 COM EoP CVE-2026-32162 again? When Microsoft’s “trust boundaries” are just vibes, every COM hop is a potential jailbreak. Triage fast: local users turning into admins is the usual horror sequel. https://t.co/nNowXseXJj ElevationOfPrivilege MicrosoftMsrc WindowsCom https://t.co/7B8CqiBKho...
Security and Resilience in Autonomous Vehicles: A Proactive Design Approach
Autonomous vehicles AVs promise efficient, clean and cost-effective transportation systems, but their reliance on sensors, wireless communications, and decision-making systems makes them vulnerable to cyberattacks and physical threats. This chapter presents novel design techniques to strengthen t...
PT-2026-32803
Name of the Vulnerable Software and Affected Versions Windows Universal Plug and Play UPnP Device Host affected versions not specified Description An untrusted pointer dereference in the Windows Universal Plug and Play UPnP Device Host allows an authorized attacker to elevate privileges locally...
PT-2026-32595
Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.5.140 Description GitHub Actions workflows are susceptible to an ArtiPACKED attack, which is a credential leakage vector. This occurs when actions/checkout is used without setting persist-credentials: false. By...
PT-2026-32797
Name of the Vulnerable Software and Affected Versions Windows Local Security Authority Subsystem Service LSASS affected versions not specified Description A null pointer dereference in the Windows Local Security Authority Subsystem Service LSASS allows an unauthorized attacker to cause a denial o...
PT-2026-32752
Name of the Vulnerable Software and Affected Versions Windows Boot Manager affected versions not specified Description Use of an uninitialized resource allows an unauthorized attacker to bypass a security feature through a physical attack. Recommendations At the moment, there is no information...
PT-2026-32760
Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description Improper access control in the Windows RPC API allows an authorized attacker to elevate privileges locally and affect the system. Recommendations At the moment, there is no information about ...
Microsoft Windows Shell 安全漏洞
The Microsoft Windows Shell is the graphical user interface for the Windows operating system from Microsoft.The easily recognizable elements of the Windows shell include features such as the desktop, the taskbar, the start menu, the task switcher, and autoplay. A security feature bypass...
PT-2026-32847
Name of the Vulnerable Software and Affected Versions Windows Kernel affected versions not specified Description A stack-based buffer overflow in the Windows Kernel allows an authorized attacker to elevate privileges locally. A stack-based buffer overflow occurs when a program writes more data to...
PT-2026-32798
CVE-2026-32072 Improper authentication in Windows Active Directory allows an unauthorized attacker to perform spoofing locally. https://t.co/LqmmLGYoRL...